Saturday, December 2, 2023

Massive Surge in Cyber Attacks Targeting Real Estate and Utilities Organizations

Cyber attacks are becoming increasingly sophisticated as threat actors continuously evolve their tools and tactics. 

They leverage advanced technologies, use social engineering techniques, and collaborate in sophisticated cybercrime networks.

The real estate and utilities industries have seen a noticeable increase in intrusions over the last three months, according to the recent study report shared with the Cyber Security News (CSN) team from CYFIRMA.


Deploy Advanced AI-Powered Email Security Solution

Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware

Past 90 Days in Numbers

Real estate and utilities appeared in 13 of the 59 observed campaigns, accounting for 22% of the total, lower than industries with greater appeal to nation-state threat actors.

Besides this, the Chinese cyber activity also surged with Barracuda ESG vulnerability use. However, no new real estate or utilities victims have been observed in these campaigns since then.

Attack count
Attack count (Source – Cyfirma)

Here below, we have mentioned all the involved threat actors:-

Threat actors
Threat actors (Source – Cyfirma)

Real estate and utilities draw both financially motivated and nation-state actors. Europe, potentially targeted by Russian-linked threat actors amid the Ukraine conflict, experiences the highest attack activity.

Geographical Distribution
Geographical Distribution (Source – Cyfirma)

Cyberattacks primarily target web applications and operating systems across industries, with instances of compromised VPN and application infrastructure.

Most attacked technologies
Most attacked technologies (Source – Cyfirma)

Phishing attacks

This report excludes internet service providers from the analysis, focusing instead on water and energy utilities. Phishing lures targeting utilities are highly localized, deterring threat actors seeking broader targets.

CYFIRMA’s telemetry detected only 42 phishing attacks targeting utilities and none related to real estate in the past 3 months, with a primary focus on broader phishing campaigns.

Global Distribution of Phishing Themes per Sector
Global Distribution of Phishing Themes per Sector (Source – Cyfirma)

Impersonated brands

Here below, we have mentioned all the real estate and utilities industry brands that are impersonated:-

  • Pkn Orlen
  • Swiss Office of Energy
  • ENEL Energia S.P.A
  • Polska Grupa Energetyczna

ASN telemetry revealed PKN Orlen phishing linked to the USA, while the Swiss Office of Energy had Swiss roots, and Italian Enel Energia and Polska Grupa Energetyczna traced back to German ASN, indicating an international PKN Orlen campaign versus local cybercriminals.

Attack origins
Attack origins (Source – Cyfirma)

CYFIRMA found 117 ransomware victims in real estate and utilities in the last 90 days, 7.4% of 1,579 incidents, with a sharp rise in August.

Lockbit3’s August surge leads, driven by Cl0p (+Torrents), while 8base with ALPHV and Akira maintain steady numbers. The top 5 gangs make up 59% of victims, but smaller groups still cause significant harm.

Major ransomware gangs
Major ransomware gangs (Source – Cyfirma)

Out of 45 active gangs, 29 targeted real estate and utilities, with Cl0p showing minimal interest in this sector.

Victims Targeted

The United States leads with 65 out of 112 victims, highlighting global ransomware threats that know no boundaries, as cyber attackers target vulnerable organizations worldwide.

Geographic Distribution Of Victims
Geographic Distribution Of Victims (Source – Cyfirma)

Nation-state APTs show limited interest in real estate and utilities, mainly focusing on energy, notably in Europe in the middle of the Ukraine-Russia conflict.

Real estate and utilities lack appeal for widespread phishing due to localized fragmentation. Lockbit3 is the top gang, while Cl0p has fewer victims in this industry. However, besides this, the real estate developers and construction businesses are the most affected sectors.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.


Latest articles

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

CISA Warns Hackers Exploiting Wastewater Systems Logic Controllers

In a disconcerting turn of events, cyber threat actors have set their sights on...
Tushar Subhra Dutta
Tushar Subhra Dutta
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles